2
votes

I implemented OAuth authorization in a .NET Web API project following this tutorial. I need to do the same, but within an Azure Mobile App project. It is published and everything works fine like a Web API until I try to authenticate my calls to the controllers. When I add the Authorize attribute and call the API, I am supposed to send a bearer token. Please note that I do this using Postman with my Web API project and everything works perfectly. But in the Azure Mobile Application, every time I call a controller with the Authorize attribute using the right bearer token, it comes back with the "authorization has been denied for this request" error. The code in the Web API project and the Azure Mobile Application project is exactly the same, with the only exception being in the Startup class.

Web Api startup.cs:

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
    }
}

Azure Mobile Application startup.cs:

public partial class Startup
{
    public void Configuration(IAppBuilder app)
    {

        ConfigureMobileApp(app);
        ConfigureAuth(app);
    }
}

I think that the problem has to do with the ConfigureMobileApp function, as it has some authentication code within itself, but I am not sure. I am not used to the Startup class. Still kinda noob with it.

So, every call to the Web API project using the bearer token works fine. Every call to the Azure Mobile Application project using the bearer token comes back with the "authorization has been denied for this request" error.

What can I do to work around this???

Thank you!!

1 Answer

2
votes

According to your description, I followed the tutorial you mentioned to test this issue. According to your code, I assumed that you have created the Azure Mobile App application. You could try to change your Configuration method as follows:

public void Configuration(IAppBuilder app)
{
    // Register the OAuth middleware first so it runs before Web API handles the request.
    ConfigureAuth(app);
    ConfigureMobileApp(app);
}

Note: The ConfigureMobileApp method within Startup.MobileApp.cs calls app.UseWebApi(config);, so you need to initialize your middleware before this code.

Here is my code snippet; you could refer to it.

Startup.OAuth.cs

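using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    static Startup()
    {
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            // OAuthAppProvider is the provider class from the answerer's project (not shown here).
            Provider = new OAuthAppProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(2),
            // Allows the token endpoint over plain HTTP; keep this to local testing.
            AllowInsecureHttp = true
        };
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        // Issues tokens at /token, then validates bearer tokens on incoming requests.
        app.UseOAuthAuthorizationServer(OAuthOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}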

Startup.MobileApp.cs

public static void ConfigureMobileApp(IAppBuilder app)
{
    HttpConfiguration config = new HttpConfiguration();

    new MobileAppConfiguration()
        .AddMobileAppHomeController()
        .MapApiControllers() //provides custom API capabilities for WebAPI controllers decorated with the [MobileAppController] attribute
        .ApplyTo(config);

    app.UseWebApi(config);
}

ValuesController.cs

// Use the MobileAppController attribute for each ApiController you want to use  
// from your mobile clients 
[MobileAppController]
[Authorize]
public class ValuesController : ApiController
{
    // GET api/values
    public string Get()
    {
        return "Hello World!";
    }
}

Additionally, Azure Mobile Apps use App Service Authentication / Authorization to secure your mobile backend. For more details, you could refer to this official document. Also, you could refer to Adrian Hall's blog for a better understanding of Azure Mobile Apps.
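The ordering point from the answer above, as an added example that is not part of the original answer or of the Katana / Azure Mobile Apps code: a simplified model of a middleware pipeline in which the component standing in for UseWebApi answers a matched route itself, so bearer middleware registered after it never runs. The types Ctx, Pipeline and Demo, the user name and the token value are all hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Simplified model of an OWIN-style pipeline (assumption: not the real Katana types).
class Ctx { public string Authorization; public string User; public int Status = 404; }

class Pipeline
{
    // Each middleware receives the context and a delegate for the next component.
    private readonly List<Action<Ctx, Action<Ctx>>> _middleware = new List<Action<Ctx, Action<Ctx>>>();
    public Pipeline Use(Action<Ctx, Action<Ctx>> m) { _middleware.Add(m); return this; }

    public int Invoke(Ctx ctx)
    {
        Action<Ctx> next = _ => { };                      // end of the pipeline
        for (int i = _middleware.Count - 1; i >= 0; i--)  // chain in registration order
        {
            var current = _middleware[i];
            var downstream = next;
            next = c => current(c, downstream);
        }
        next(ctx);
        return ctx.Status;
    }
}

static class Demo
{
    const string ValidToken = "constructed-sample-token"; // constructed value

    // Stands in for UseOAuthBearerAuthentication: sets the user, then continues.
    static void BearerAuth(Ctx ctx, Action<Ctx> next)
    {
        if (ctx.Authorization == "Bearer " + ValidToken) ctx.User = "alice";
        next(ctx);
    }

    // Stands in for UseWebApi with an [Authorize] controller on a matched route.
    static void WebApi(Ctx ctx, Action<Ctx> next)
    {
        ctx.Status = ctx.User != null ? 200 : 401;  // responds itself, never calls next
    }

    static int Call(Pipeline p) => p.Invoke(new Ctx { Authorization = "Bearer " + ValidToken });

    static void Main()
    {
        Console.WriteLine("ConfigureMobileApp first: " + Call(new Pipeline().Use(WebApi).Use(BearerAuth)));
        Console.WriteLine("ConfigureAuth first:      " + Call(new Pipeline().Use(BearerAuth).Use(WebApi)));
    }
}
```

With the same valid token, the first ordering yields 401 and the second 200, which matches the symptom in the question and the reordering in the answer.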